<?php
if(!defined("IN_PHPSCUP"))exit("hacking");
class Filter {
	//变量处理列表
	var $_table_list = array (
		's' => array (
			'em' => '_email_filter', //过滤及验证电子邮件
	'lo1' => '_limit_long', //验证字符串的长度是否大于0小于15
	'tm' => '_time_filter', //验证字符是否为合法的时间格式
	'yz' => '_checkimage_filter', //验证码的验证	
		)
	);
	//临时变量						  
	var $_temp_var = '';

	var $_temp_key = '';

	var $_temp_key_list = '';

	function __construct() {
		$this->Filter();
	}

	function Filter() { //合并数组
		$this->_table_list['s'] = $this->_filter_table() + $this->_table_list['s'];
		$this->_temp_key_list = array_flip($this->_table_list['s']);
		$this->_filter_gcp();
	}

	//用来判断那个变量使用那个函数过滤
	function _filter_table() {
		return array ();
	}

	/*
	 *过滤get标记参数和post标记参数及cookie标记参数。
	 *
	 *命名方式如下：
	 *1.变量名(即自定义名)+'_i' -------表示此变量为int类型	 
	 *2.变量名(即自定义名)+'_s' -------表示此变量为string类型
	 *3.变量名(即自定义名)+''   -------表示此变量默认为int类型	 
	 */
	function _filter_gcp() {
		$_GET = $this->_filter_deep($_GET);
		$_POST = $this->_filter_deep($_POST);
		$_COOKIE = $this->_filter_deep($_COOKIE);

	}

	/*
	 *过滤get标记参数和post标记参数及cookie标记参数。
	 *
	 *命名方式如下：
	 *1.变量名(即自定义名)+'_i' -------表示此变量为int类型
	 	 
	 *2.变量名(即自定义名)+'_s' -------表示此变量为string类型	 
	 *2.1.变量名(即自定义名)+'_s'+'_em' -------表示此变量为string类型且进行emaill验证	 
	 *2.2.变量名(即自定义名)+'_s'+'_lo1' -------表示此变量为string类型且进行字符传长度验证为长度是否大于0小于15	 
	 *2.2.变量名(即自定义名)+'_s'+'_lo2' -------表示此变量为string类型且进行字符传长度验证为长度是否大于0小于50
	 	 
	 *3.变量名(即自定义名)+''   -------表示此变量使用addslashes处理类型
	 *4.变量名(即自定义名)+'_f' -------表示此变量为float类型 
	 */
	function _filter_deep($array) {
		foreach ($array as $key => $value) {
			if (!is_array($value)) {
				!get_magic_quotes_gpc() && $value = addslashes($value);
               	if(strstr($value,">"))
	            {
				
		        $value = preg_replace('/javascript/i','java script',$value);//过滤js代码
		        $value = preg_replace('/<iframe ([^<>]+)>/i','&lt;iframe \\1>',$value);//过滤框架代码
				$value = str_replace("'",'"',$value);
	            }else
				{
			    $value = filtrate($value);				
				}
			   
				$this->_temp_var = $value;
				$this->_temp_key = $key;

				if (strstr($key, '_i') !== false) {

					$this->_temp_var = intval($this->_temp_var);
				} else if (($model = strstr($key, '_s')) !== false) {
						$model = substr($model, 2);
						$str_re = str_replace($this->_temp_key_list, '', $model);
						$str_re = str_replace('_', '', $str_re);

						if (empty ($str_re)) {
							$model = explode('_', trim($model));
							$model = array_unique($model);
							$model = del_empty_var($model);
							array_map(array (
								$this,
								'_run_action'
							), $model);
						}
					} else if (strstr($key, '_f') !== false) {
							$this->_temp_var = floatval($this->_temp_var);
						}

				$array[$key] = $this->_temp_var;
			} else {
				$array[$key] = $this->_filter_deep($array[$key]);
			}
		}
		return $array;
	}

	function _run_action($model) {
		if (array_key_exists($model, $this->_table_list['s']) && method_exists($this, $this->_table_list['s'][$model])) {
			$action = $this->_table_list['s'][$model];
			$this-> $action ();
		} else {
			exit ('missing_filter_action');
		}
	}

	function _email_filter() {
		$chars = "/^([a-z0-9+_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,5}\$/i";
		if (strpos($this->_temp_var, '@') !== false && strpos($this->_temp_var, '.') !== false) {
			if (!preg_match($chars, $this->_temp_var)) {
				$this->_display();
			}

		} else {
			$this->_display();
		}
	}

	function _time_filter() {
		$pattern = '/[\d]{4}-[\d]{1,2}-[\d]{1,2}\s[\d]{1,2}:[\d]{1,2}:[\d]{1,2}/';
		if (!preg_match($pattern, $this->_temp_var)) {
			$this->_display();
		}
	}

	function _checkimage_filter() 
	{
		if(!isset($GLOBALS['SCup']->SCup_user_msg['data']['yzImgNum']))
		{
		  $GLOBALS['SCup']->SCup_user_msg['data']['yzImgNum']='';
		}
	
		$cookie_yzimgnum = $GLOBALS['SCup']->SCup_user_msg['data']['yzImgNum'];	
		if(empty($cookie_yzimgnum))
		{		
		$cookie_yzimgnum = get_cookie('yzImgNum');	
		}		
		if(!isset($_POST['yzImgNum_s_yz']))
		{
		$_POST['yzImgNum_s_yz']='';
		}
		if(!isset($_GET['yzImgNum_s_yz']))
		{
		$_GET['yzImgNum_s_yz']='';
		}		
		$post_yzimgnum = $_POST['yzImgNum_s_yz'];
		$get_yzimgnum = $_GET['yzImgNum_s_yz'];

		if ($cookie_yzimgnum=='') 
		{
		 $notice = &get_message(array('msg'=>'验证码为空','url'=>"reload",'title'=>'Notice'));
		 $notice ->display();
		}

		if(!($get_yzimgnum!=''||$post_yzimgnum!=''))
		{
		 $notice = &get_message(array('msg'=>'验证码输入为空','url'=>"reload",'title'=>'Notice'));
		 $notice ->display();		
		}

		if($get_yzimgnum)$yzimgnum = $get_yzimgnum;
		if($post_yzimgnum)$yzimgnum = $post_yzimgnum;
        
		
		if ($yzimgnum!=$cookie_yzimgnum) 
		{
		 $notice = &get_message(array('msg'=>'验证码错误','url'=>"reload",'title'=>'Notice'));
		 $notice ->display();
		}
	}

	function _display() {
		 $notice = &get_message(array('msg'=>'"' . $this->_temp_key . '" exit hack','url'=>"?",'title'=>'Notice'));
		 $notice ->display();	
		//exit ('"' . $this->_temp_key . '" exit hack');
	}
}
?>